use of org.nhind.config.Certificate in project nhin-d by DirectProject.
the class WSSmtpAgentConfigFunctional_Test method addCertificatesToConfig.
/**
 * Registers one certificate entry with the configuration service for the given owner.
 *
 * @param certFilename name of the certificate file handed to the load helpers
 * @param keyFileName  name of the matching key file, or {@code null} to store the certificate alone
 * @param email        owner recorded on the stored entry
 * @throws Exception if loading the data or the configuration service call fails
 */
protected void addCertificatesToConfig(String certFilename, String keyFileName, String email) throws Exception {
    // With no key file only the certificate is loaded. Otherwise the helper combines certificate and
    // key; going by its name the result is a PKCS#12 blob, so the bytes stored in the configuration
    // service presumably include private key material in that case (confirm against the helper).
    final byte[] payload = (keyFileName == null)
            ? loadCertificateData(certFilename)
            : loadPkcs12FromCertAndKey(certFilename, keyFileName);

    final Certificate entry = new Certificate();
    entry.setData(payload);
    entry.setOwner(email);

    proxy.addCertificates(new Certificate[] { entry });
}
use of org.nhind.config.Certificate in project nhin-d by DirectProject.
the class NHINDSecurityAndTrustMailet_initialization_Test method testValidMailetConfiguration_AssertProperWSInitialization.
/**
 * Checks that the mailet picks up its "ConfigURL" init parameter when it is configured against a
 * configuration web service that has been seeded with two domains and their trust anchors.
 *
 * <p>The setup deletes every domain, anchor, certificate and setting the service returns before
 * seeding, so the service URL must refer to a disposable test instance.
 */
public void testValidMailetConfiguration_AssertProperWSInitialization() throws Exception {
    new TestPlan() {

        // Client for the configuration service; assigned in cleanConfig(), which therefore has to
        // run before addDomains() and addTrustAnchors().
        private ConfigurationServiceProxy proxy;

        @Override
        protected MailetConfig getMailetConfig() throws Exception {
            ConfigServiceRunner.startConfigService();

            // Wipe first, then seed: the seeding steps use the proxy created by cleanConfig().
            cleanConfig();
            addDomains();
            addTrustAnchors();

            final Map<String, String> initParams = new HashMap<String, String>();
            initParams.put("ConfigURL", ConfigServiceRunner.getConfigServiceURL());
            return new MockMailetConfig(initParams, "NHINDSecurityAndTrustMailet");
        }

        /** Adds the two test domains, each with its postmaster address. */
        protected void addDomains() throws Exception {
            final Domain cernerDomain = new Domain();
            cernerDomain.setDomainName("cerner.com");
            cernerDomain.setPostMasterEmail("postmaster@cerner.com");
            proxy.addDomain(cernerDomain);

            final Domain secureHealthDomain = new Domain();
            secureHealthDomain.setDomainName("securehealthemail.com");
            secureHealthDomain.setPostMasterEmail("postmaster@securehealthemail.com");
            proxy.addDomain(secureHealthDomain);
        }

        /**
         * Registers the same CA file ("cacert.der") as an anchor for both test domains, enabled for
         * incoming and outgoing use.
         */
        protected void addTrustAnchors() throws Exception {
            final Anchor cernerAnchor = new Anchor();
            cernerAnchor.setData(getCertificateFileData("cacert.der"));
            cernerAnchor.setOwner("cerner.com");
            cernerAnchor.setIncoming(true);
            cernerAnchor.setOutgoing(true);

            final Anchor secureHealthAnchor = new Anchor();
            secureHealthAnchor.setData(getCertificateFileData("cacert.der"));
            secureHealthAnchor.setOwner("securehealthemail.com");
            secureHealthAnchor.setIncoming(true);
            secureHealthAnchor.setOutgoing(true);

            proxy.addAnchor(new Anchor[] { cernerAnchor, secureHealthAnchor });
        }

        /** Creates the proxy and removes all domains, anchors, certificates and settings it lists. */
        protected void cleanConfig() throws Exception {
            proxy = new ConfigurationServiceProxy(ConfigServiceRunner.getConfigServiceURL());

            // Domains: anchors are removed per domain name before the domain itself.
            final Domain[] existingDomains = proxy.listDomains(null, proxy.getDomainCount());
            if (existingDomains != null) {
                for (Domain existing : existingDomains) {
                    proxy.removeAnchorsForOwner(existing.getDomainName());
                    proxy.removeDomain(existing.getDomainName());
                }
            }

            // Certificates: removed by owner. 0x8FFFF is presumably the maximum result count.
            final Certificate[] existingCerts = proxy.listCertificates(0, 0x8FFFF, null);
            if (existingCerts != null) {
                for (Certificate existing : existingCerts) {
                    proxy.removeCertificatesForOwner(existing.getOwner());
                }
            }

            // Settings: deleted one name at a time.
            final Setting[] existingSettings = proxy.getAllSettings();
            if (existingSettings != null) {
                for (Setting existing : existingSettings) {
                    proxy.deleteSetting(new String[] { existing.getName() });
                }
            }
        }

        @Override
        protected void doAssertions(NHINDSecurityAndTrustMailet agent) throws Exception {
            assertNotNull(agent);
            assertNotNull(agent.getInitParameter("ConfigURL"));
            // The mailet must report exactly the URL it was configured with.
            assertEquals(ConfigServiceRunner.getConfigServiceURL(), agent.getInitParameter("ConfigURL"));
        }
    }.perform();
}
use of org.nhind.config.Certificate in project nhin-d by DirectProject.
the class AddDomainCAAndPrivCert method main.
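/**
 * Command-line entry point: creates a domain in the configuration service, then registers a CA file
 * as its trust anchor and a ".p12" file as its certificate.
 *
 * <p>Arguments: {@code args[0]} configuration service URL, {@code args[1]} domain name,
 * {@code args[2]} CA common name, {@code args[3]} certificate common name.
 *
 * <p>Failures after argument validation are printed to stderr and swallowed, so the process still
 * exits normally; callers that script this tool cannot rely on the exit status.
 *
 * @param args the four positional arguments described above
 * @throws IllegalArgumentException if fewer than four arguments are supplied
 */
public static void main(String[] args) {
    // Fail with a usage message instead of an ArrayIndexOutOfBoundsException on a short argument list.
    if (args == null || args.length < 4) {
        throw new IllegalArgumentException(
                "Usage: AddDomainCAAndPrivCert <configServiceUrl> <domainName> <caCommonName> <certCommonName>");
    }

    final String configServiceUrl = args[0];
    final String domainName = args[1];
    final String caCommonName = args[2];
    final String certCommonName = args[3];

    try {
        final ConfigurationServiceProxy cfService = new ConfigurationServiceProxy(configServiceUrl);

        final Domain domain = new Domain();
        domain.setDomainName(domainName);
        domain.setPostMasterEmail("postmaster@" + domainName);
        domain.setStatus(EntityStatus.ENABLED);
        cfService.addDomain(domain);

        // now add the anchor and cert
        final File caFile = AbstractCertCreator.createNewFileName(caCommonName, false);
        final Anchor anchor = new Anchor();
        anchor.setData(FileUtils.readFileToByteArray(caFile));
        anchor.setOwner(domainName);
        anchor.setIncoming(true);
        anchor.setOutgoing(true);
        anchor.setStatus(EntityStatus.ENABLED);
        cfService.addAnchor(new Anchor[] { anchor });

        final File certFile = AbstractCertCreator.createNewFileName(certCommonName, false);
        final String certFileName = certFile.getName();
        final int extensionIndex = certFileName.lastIndexOf(".der");
        if (extensionIndex < 0) {
            // Without this check substring(0, -1) fails with an index error that hides the real cause.
            throw new IllegalStateException("Expected a .der certificate file name but got: " + certFileName);
        }
        final String p12FileName = certFileName.substring(0, extensionIndex) + ".p12";

        // NOTE(review): only the bare file name is used, so the .p12 is resolved against the working
        // directory rather than certFile's parent directory. Confirm that is intended.
        // NOTE(review): a .p12 presumably carries the private key, and its bytes are sent to
        // configServiceUrl as-is. Confirm the endpoint is trusted and the transport is protected.
        // NOTE(review): no owner is set on the certificate, unlike the anchor. Confirm the service
        // derives it.
        final Certificate cert = new Certificate();
        cert.setData(FileUtils.readFileToByteArray(new File(p12FileName)));
        cert.setStatus(EntityStatus.ENABLED);
        cfService.addCertificates(new Certificate[] { cert });
    } catch (Exception e) {
        e.printStackTrace();
    }
}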
use of org.nhind.config.Certificate in project nhin-d by DirectProject.
the class DNSServer_Function_Test method xCertToCert.
/**
 * Wraps an X.509 certificate in a configuration-service {@code Certificate} entry.
 *
 * @param cert the certificate to convert
 * @return a new entry whose owner comes from {@code DNSRecordUtil.getCertOwner} and whose data is
 *         the certificate's encoded form
 * @throws Exception if the owner cannot be determined or the certificate cannot be encoded
 */
private Certificate xCertToCert(X509Certificate cert) throws Exception {
    final Certificate converted = new Certificate();
    converted.setOwner(DNSRecordUtil.getCertOwner(cert));

    // Only the encoded public certificate is copied; no key material is involved here.
    final byte[] encoded = cert.getEncoded();
    converted.setData(encoded);

    return converted;
}
use of org.nhind.config.Certificate in project nhin-d by DirectProject.
the class ConfigServiceDNSStore method processCERTRecordRequest.
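/**
 * Processes all DNS CERT requests.
 *
 * <p>Looks up the stored entries for the name in the configuration service and turns each one into
 * a CERT record: a PKIX record for an X.509 certificate that passes the configured policy, or a URI
 * record when the stored data is not a certificate but parses as a URL.
 *
 * @param name The record name. In many cases this is an email address with "@" written as ".".
 * @return Returns a set of record responses to the request, or {@code null} when nothing is stored
 *         for the name or no stored entry produced a record.
 * @throws DNSException with SERVFAIL if the configuration service call fails or stored data can be
 *         parsed neither as a certificate nor as a URL
 */
protected RRset processCERTRecordRequest(String name) throws DNSException {
    if (name.endsWith(".")) {
        name = name.substring(0, name.length() - 1);
    }

    Certificate[] certs;

    // use the certificate configuration service
    try {
        certs = proxy.getCertificatesForOwner(name, null);
    } catch (Exception e) {
        throw new DNSException(DNSError.newError(Rcode.SERVFAIL), "DNS service proxy call for certificates failed: " + e.getMessage(), e);
    }

    if (certs == null || certs.length == 0) {
        // unless the call above was for an org level cert, it will probably always fail because the
        // "name" parameter has had all instances of "@" replaced with ".". The certificate service
        // stores owners using "@".
        // This is horrible, but try hitting the cert service replacing each "." with "@" one by one.
        // Start at the beginning of the address because this is more than likely where the "@" character
        // will be.
        //
        // Each attempt replaces exactly one "." in the original name. A miss therefore costs one
        // configuration-service call per "." in the requester-supplied name, so per-query work grows
        // with the number of labels. Size query rate limits or caching with that in mind.
        int previousIndex = 0;
        int replaceIndex = 0;
        while ((replaceIndex = name.indexOf(".", previousIndex)) > -1) {
            char[] chars = name.toCharArray();
            chars[replaceIndex] = '@';
            try {
                certs = proxy.getCertificatesForOwner(String.copyValueOf(chars), null);
            } catch (Exception e) {
                throw new DNSException(DNSError.newError(Rcode.SERVFAIL), "DNS service proxy call for certificates failed: " + e.getMessage(), e);
            }
            if (certs != null && certs.length > 0) {
                break;
            }
            if (replaceIndex >= (name.length() - 1)) {
                break;
            }
            previousIndex = replaceIndex + 1;
        }
    }

    if (certs == null || certs.length == 0) {
        return null;
    }

    // Records are published under the fully qualified (dot-terminated) query name.
    if (!name.endsWith(".")) {
        name += ".";
    }

    RRset retVal = new RRset();
    try {
        for (Certificate cert : certs) {
            int certRecordType = CERTRecord.PKIX;
            byte[] retData = null;
            X509Certificate xCert = null;
            try {
                // need to convert to cert container because this might be
                // a certificate with wrapped private key data
                final CertUtils.CertContainer cont = CertUtils.toCertContainer(cert.getData());
                xCert = cont.getCert();
                // check if this is a compliant certificate with the configured policy... if not, move on
                if (!isCertCompliantWithPolicy(xCert)) {
                    continue;
                }
                // Publish only the re-encoded public certificate, never the stored blob, because the
                // blob may also hold the private key.
                retData = xCert.getEncoded();
            } catch (CertificateConversionException e) {
                // probably not a Certificate... might be a URL
            }

            if (xCert == null) {
                // see if it's a URL
                // NOTE(review): URL entries are published without going through
                // isCertCompliantWithPolicy, and the only validation is that java.net.URL accepts the
                // string, so any scheme with a registered handler passes. Confirm whether these
                // should be limited to http/https.
                // NOTE(review): a single entry that is neither a certificate nor a URL fails the
                // whole response with SERVFAIL, including any valid records for the same owner.
                try {
                    retData = cert.getData();
                    // Decode with a fixed charset so the result does not depend on the platform
                    // default. The URL object is built only to validate the syntax.
                    new URL(new String(retData, "UTF-8"));
                    certRecordType = CERTRecord.URI;
                } catch (Exception e) {
                    throw new DNSException(DNSError.newError(Rcode.SERVFAIL), "Failure while parsing CERT record data: " + e.getMessage(), e);
                }
            }

            int keyTag = 0;
            int alg = 0;
            if (xCert != null && xCert.getPublicKey() instanceof RSAKey) {
                RSAKey key = (RSAKey) xCert.getPublicKey();
                byte[] modulus = key.getModulus().toByteArray();
                // The key tag is assembled from the last two bytes of the RSA modulus.
                // NOTE(review): RFC 4034 Appendix B defines the key tag as a checksum over the key
                // RDATA. Confirm this shortcut is what consumers of these records expect.
                keyTag = (modulus[modulus.length - 2] << 8) & 0xFF00;
                keyTag |= modulus[modulus.length - 1] & 0xFF;
                alg = 5;
            }

            // TTL is fixed at 86400 seconds. For URI records and non-RSA keys, keyTag and alg stay 0.
            CERTRecord rec = new CERTRecord(Name.fromString(name), DClass.IN, 86400L, certRecordType, keyTag, alg, /*public key alg, RFC 4034*/
                    retData);
            retVal.addRR(rec);
        }
    } catch (Exception e) {
        throw new DNSException(DNSError.newError(Rcode.SERVFAIL), "Failure while parsing CERT record data: " + e.getMessage(), e);
    }

    // Every entry may have been skipped by the policy check, resulting in an empty RR set.
    return (retVal.size() == 0) ? null : retVal;
}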